Description
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can read secrets, passwords, and tokens for external systems.
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: High
- User Interaction: Passive
- Confidentiality (Vulnerable System): Low
- Integrity (Vulnerable System): None
- Availability (Vulnerable System): None
- Confidentiality (Subsequent System): High
- Integrity (Subsequent System): None
- Availability (Subsequent System): None
- AU: None
- R: Unchanged
- V: Changed
- RE: High
- U: Amber
Affected products
- Palo Alto Networks / Cloud NGFW: Before 8/15 – Before 8/15
- Palo Alto Networks / Cloud NGFW: On or after 8/15 – On or after 8/15
- Palo Alto Networks / Cloud NGFW: Before 8/23 – Before 8/23
- Palo Alto Networks / Cloud NGFW: On or after 8/23 – On or after 8/23
- Palo Alto Networks / pan-os: 11.1 – 11.1
- Palo Alto Networks / pan-os: 9.1 – 9.1
- Palo Alto Networks / pan-os: 10.1 – 10.1
- Palo Alto Networks / pan-os: 10.2 – 10.2.8
- Palo Alto Networks / pan-os: 11.0 – 11.0.4
- Palo Alto Networks / Prisma Access: All – All